Static task
static1
General
Target: Matts-Surface-Book-2_2023-04-25_17_21_07.zip
Size: 12KB
MD5: b634af78d5ca8f4db5409eb51f56225c
SHA1: 107326e67c7a350e0d15b21b18a5b04455675095
SHA256: 97d42b163487c1634884b74e1c835e5fa0152b9b138cf25cc66a99bb36f9d7e9
SHA512: cd0564b620d24cecab1325023409fd4f6cbf70304b720a3c38605e984ac16a4ca440c19f7be13cfbed3c60d972e9e9f45ad285b6ebd3a67c57b6b0ed94f53758
SSDEEP: 192:N9JHCv9yVXyuMthhjmm0xSQYROrwqOMb14g+TeOiXeCNXE0H9eTHSJ/FoR5S2pq:NPSKCuMthX5+wqOMZ40XtE8+sdoRY2pq
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Resource: unpack001/Device/HarddiskVolume4/Windows/System32/drivers/WSDScan.sys
Files
-
Matts-Surface-Book-2_2023-04-25_17_21_07.zip.zip
Password: B!gId3a4u2C$$
-
Device/HarddiskVolume4/Windows/System32/drivers/WSDScan.sys.exe windows x64
Password: B!gId3a4u2C$$
4abe8db7a23e1c9ce8d7be99a195a165
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntoskrnl.exe
IoRegisterDeviceInterface
KeAcquireSpinLockRaiseToDpc
IoSetDeviceInterfaceState
IoDetachDevice
RtlFreeUnicodeString
RtlInitUnicodeString
KeInitializeSpinLock
IoOpenDeviceRegistryKey
IoDeleteDevice
RtlCopyUnicodeString
PoSetPowerState
IoGetDevicePropertyData
IoDeleteSymbolicLink
IoAttachDeviceToDeviceStack
KeReleaseSpinLock
KeSetEvent
ExAllocatePool2
ExFreePool
KeClearEvent
IoGetDeviceProperty
MmGetSystemRoutineAddress
IoCreateDevice
IofCallDriver
IoWMIRegistrationControl
KeInitializeEvent
IofCompleteRequest
KeWaitForSingleObject
IoReleaseCancelSpinLock
ZwClose
ZwSetValueKey
ZwOpenKey
IoAllocateWorkItem
PoCallDriver
PoRequestPowerIrp
IoFreeWorkItem
IoQueueWorkItem
PoStartNextPowerIrp
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 304B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 744B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1024B - Virtual size: 562B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
GFIDS Size: 512B - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 620B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
manifest.json